Scribd
Upload
164 views7 pages

Healthineers SRS Checklist V19versalles

Uploaded by

soportesistemascv
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
164 views7 pages

Healthineers SRS Checklist V19versalles

Uploaded by

soportesistemascv
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 7

Healthineers SRS Checklist v19

After completing this network checklist please send it by email:


USA Only Rest of the world
[email protected] [email protected]
SRS Hotline: +49 (9191) 18 8080 ext. 191 or
alternatively: +49 (9131) 611 2890
Reset Form

1. Contact Information
1.1 Customer
Hospital:* IMPULMEDICOS - CL VERSALLES
City:* Cali
Colombia

Confidential when filled out / Copyright © Siemens Healthcare GmbH, 2019. All rights reserved.
Country*
Group / Trust (optional)
1.2 Local resp. Healthineers Project Manager
Name:* Luis Muñoz
Phone Number:* +573124579068
Email:* [email protected]
(This email address is used to keep you notified about the connection process.)
1.3 Local Network Contact (or CSE)
Name:* Johao Guzman
Phone Number:* +573116041834
Email:* [email protected]
2. Internet connection share type / speed (bandwidth)
Internet connection for Smart Remote Services Dedicated Line Shared Line
Down-/Upload speed Download kbit/s Upload kbit/s

Please note: a SRS capable broadband connection should provide a minimum of:
4MBit/s downstream and 768kBit/s upstream.

3. Ordered SRS Connection


3.1 New SRS connection
via SHS Owned Access router (SOA) with dedicated
 please fill out sections 5 and 8
WAN access
via SHS Owned Access router (SOA) behind customer
 please fill out sections 6 and 8
router or firewall (see Appendix B)
Please ensure that the Local Network Contact in section
via Customer Owned Access (COA) router/firewall 1.3 is filled. This person will be contacted from the SRS
helpdesk. (Additional information about supported IPSEC
(VPN Endpoint provided by customer) proposal in the Appendix)
 please fill out section 8
✔ via Internet Based Connectivity (IBC / SSL VPN)  please fill out section 8
3.2 Adding systems to existing SRS hospital/site
to existing SOA or COA SRS site  please fill out sections 4 and 8

Legal notice: the collected data is processed and stored according to the German Data Protection Act (BDSG). The sender
of this checklist is responsible to ensure that collection and storage of data is in line with the country of origin's legislation.

*Mandatory fields

Smart Remote Services Page 1/7 COIT-000-812.09.19.02


Healthineers SRS Checklist v19

4. Existing SOA Router or Customer Owned Access


Please indicate at least one of the following:
SRS Communication Interface or Router Name
Continue with session 8

Confidential when filled out / Copyright © Siemens Healthcare GmbH, 2019. All rights reserved.
5. SHS Owned Access (SOA)
Router is already installed or will be installed on - -20 (MM-DD-YYYY)
5.1 LAN - IP configuration parameters for the network interface connected to LAN
IP Address (LAN Interface)
Netmask
IP Gateway (only needed if target systems are not in the
same network)
5.2.1 Internet (Broadband, 3G, 4G / LTE)
Static WAN IP of the dedicated internet connection
(provided by ISP - Internet Service Provider)
Dynamic WAN IP - Please enter Router Serial
Number
Continue with session 8

6. SOA router behind customer router/firewall


Router is already installed or will be installed on - -20 (MM-DD-YYYY)
6.1 LAN - IP configuration parameters for the network interface connected to LAN
IP Address (LAN Interface)
Netmask
IP Gateway (only needed if target systems are not in the
same network)
6.2 WAN interface
Static WAN IP address of the customer internet endpoint
(provided by ISP - Internet Service Provider)
IP Address (WAN interface) of the SOA router on the customer
LAN
Default Gateway of the WAN interface of
the SOA router
Continue with session 8

Smart Remote Services Page 2/7 COIT-000-812.09.19.02


Healthineers SRS Checklist v19

7. Customer Owned Access (COA)


cRSP Site Name
Static WAN interface IP address / Endpoint IP address
/
Encryption domain (not bigger than class C). If this is not possible, the
/
encryption domain will be treated as host based.
/

Confidential when filled out / Copyright © Siemens Healthcare GmbH, 2019. All rights reserved.
Session Key Setup / IPSec Phase 1 (at lifetime 24 hours)
IKE Protocol v1 IKE Protocol v2
Authentication SHA-256 EncryptionAES-256
Key-Exchange operation security DH-group-14 (2048 bit)
Tunnel Transformation / IPSec Phase 2 (at lifetime 1 hour)
AH-Authentication none ESP-Authentication SHA-256 ESP-Encryption AES-256
PfS DH-group-14 (2048 bit)
Preshared Secret
Please note: if a preshared secret is indicated above, the checklist must be securely transferred
(e. g. encrypted email or SecuFex, etc.). Otherwise the secret must be negotiated via telephone.
Continue with session 8

Smart Remote Services Page 3/7 COIT-000-812.09.19.02


Healthineers SRS Checklist v19

Confidential when filled out / Copyright © Siemens Healthcare GmbH, 2019. All rights reserved.
8. Medical Devices for SRS
Remarks
Product model* Material Number* Serial Number* IP Address* Netmask* Network (syngo.via OS or registered at ASP
1
Gateway(s)** 2
or behind CAG )
Example
MR Avanto 10684332 25300 136.5.3.23 255.255.255.0 136.5.3.1
Example
MR MRSC 10746385 12345 136.5.3.25 255.255.255.0 136.5.3.1 behind CAG
Example Windows 7 or Windows 2008R2
IKM Syngo.Via 10496180 87456 136.5.3.26 255.255.255.0 136.5.3.1
Cios Select 10893686 12613 xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx VA10G

* Mandatory field
** Mandatory if modality is behind gateway(s) ASP1 = Appliance Server Package
2
CAG = Customer Access Gateway
Please check whether all fields are filled out and correct.
Remarks

Smart Remote Services Page 4/7 COIT-000-812.09.19.02


Healthineers SRS Checklist v19
Appendix
SRS VPN-Endpoints

EMEA - EUROPE / AFRICA AM - AMERICAS / CANADA


VPN Endpoint SRS Network VPN Endpoint SRS Network
Primary 185.181.24.1 194.138.39.16/29 Primary 206.208.5.1 129.73.116.88/29
Fallback 206.208.5.1 129.73.116.88/29 Fallback 185.181.24.1 194.138.39.16/29
APAC - ASIA / PACIFIC CN - CHINA

Confidential when filled out / Copyright © Siemens Healthcare GmbH, 2019. All rights reserved.
VPN Endpoint SRS Network VPN Endpoint SRS Network
Primary 103.115.98.1 194.138.243.176/29 Primary 222.66.70.227 194.138.243.176/29
Fallback 185.181.24.1 194.138.39.16/29 Fallback 185.181.24.1 194.138.39.16/29

Healthineers Router(SOA) behind customer router/firewall (Customer Internet Access)

If you are performing a SOA connection and the Healthineers router is behind a customer firewall or border
router please perform a port forwarding of the following ports to Healthineers router WAN interface, see below

Please forward and open bidirectionally following ports on your router/firewall

Source Direction Destination Protocol Nr


Please forward and open bidirectionally following ports on your router/firewall
IKE 185.181.24.1 (for all) Healthineers router UDP 500
206.208.5.1 (for AM/EMEA)
IKE NAT-Traversal Source Direction Destination
Healthineers router UDP Protocol
4500 Nr
103.115.98.1 (for APAC)
ESP Healthineers router IP 50
IKE 222.66.70.227
185.181.24.1 (for
(for CN)
EMEA/AM/CN) Healthineers router UDP 500

206.208.5.1 (for AM/EMEA)


IKE NAT-Traversal Port forwarding Healthineers router UDP 4500
103.115.98.1 (for APAC) from internet to Healthineers router
222.66.70.227 (for CN)
ESP Source Direction Destination router Protocol IP Nr
Healthineers 50
SSH 213.146.112.253
Healthineers router TCP 22
(Administration) 213.146.112.254

Port-Forwarding from Internet to Healthineers router


Allow from Healthineers router to internet
Source Direction Destination Protocol Nr
Source Direction Destination Protocol Nr
SSH 213.146.112.253 185.181.24.2 (for all)
Healthineers router TCP 22
(Administration) 213.146.112.254
206.208.5.2 (for AM/EMEA)

HTTPS Healthineers router 103.115.98.2(for APAC) TCP 443


222.66.70.228
Allow from Healthineers router (for CN)
to Internet.
213.146.112.253
Source Direction213.146.112.254
Destination Protocol Nr

185.181.24.2 (for all)


206.208.5.2 (for AM/EMEA)
103.115.98.1 (for APAC)
HTTPS Healthineers router UDP 500
222.66.70.227 (for CN)
213.146.112.253
213.146.112.254

Smart Remote Services Page 5/7 COIT-000-812.09.19.02


Healthineers SRS Checklist v19

Network rules for firewall configuration (Port list)


To enable your systems to perform SRS-based services, the following ports or protocols need to be opened

Siemens Healthineers (SRS Backend) to Hospital


Source Destination
Source Destination Protocol Description Required for
Port Port
HTTP - syngo Service
any 80 TCP
Interface
HTTPS - syngo Service

Confidential when filled out / Copyright © Siemens Healthcare GmbH, 2019. All rights reserved.
any 443 TCP Remote Diagnosis & Repair
Interface
Siemens Healthineers

any 3389 TCP RDP


reactive
(SRS Backend)

FTP Data (Active Mode) Remote Diagnosis & Repair


20 >1024 TCP
Hospital

- Transfer of e.g. logfiles (Guardian): File Transfer


syngo Remote Assist - Remote Assist /
any 11080 TCP
TeamViewer Remote Trainer
PING - basic connectivity
ICMP /
testing
Remote Software Update &
any 8226 TCP Radia Notify
proactive

Upgrades (Virus Protection)


HTTPS - Event
Predictive & Proactive
any 13001 TCP Management, Server to
Monitoring (Guardian)
Agent (e.g. templates)

Hospital to Siemens Healthineers (SRS Backend)


Source Destination
Source Destination Protocol Description Required for
Port Port

any 20, 21 TCP FTP Data FTP

FTP Data (Passive Mode) Remote Diagnosis & Repair


>1024 >1024 TCP
- Transfer of e.g. logfiles (Guardian): File Transfer
SMTP - syngo
any 25 TCP
autoreporting
reactive

HTTPS / websocket -
any 443 TCP
SRS NextGen client
Remote Diagnosis & Repair
Siemens Healthineers

HTTP - proxy for sRA


any 8080 TCP
TeamViewer, KB Access
(SRS Backend)

Remote Software Update &


any 4723 TCP TrendMicro VP Pull
Hospital

Upgrades (Virus Protection)


PING - basic
ICMP /
connectivity testing

any 8226 TCP Radia Notify

Remote Software Update &


any 8227 TCP Radia Data
Upgrades (Virus Protection)
proactive

any 8228 TCP Radia Client Connection

any 123 UDP NTP for Environmental


Monitoring Predictive & Proactive
HTTPS - Event Monitoring (Guardian)
any 12061 TCP Management, Agent to
Server (alarms)

Smart Remote Services Page 6/7 COIT-000-812.09.19.02


Healthineers SRS Checklist v19

Other supported connection ports and protocols (may apply to selected systems)
systems) Source Destination
Source Destination Protocol Description Required for
Port Port

any 22 TCP SSH

Confidential when filled out / Copyright © Siemens Healthcare GmbH, 2019. All rights reserved.
any 23 TCP Telnet
Siemens Healthineers

any 5631 TCP pcAnywhere1


(SRS Backend)

Hospital

any 5632 UDP pcAnywhere1 Remote Diagnosis & Repair

any 5900 - 5909 TCP VNC1

10000, 10005, syngo.Workflow DB


any TCP
10010 Server2
11100,11105, syngo.Workflow
any TCP
11110 Application Server2,3

any 3020 TCP Logging of Events


Siemens Healthineers

any 3021 TCP Initial Contact


(SRS Backend)
Hospital

any 3023 TCP Monitoring Security Appliance

any 8906 TCP Dynamic Control

any 80 TCP Virus Protection Updates

1 - specific for Sensis Products (mostly available in USA)


2 - syngo.Workflow specific ports (for Data Maintenance; mostly available in USA, Canada and Australia).
3 - Only necessary for medical devices with syngo versions below VB30. New installations and medical devices with VB30 and
higher will use port 80 instead.

Smart Remote Services Page 7/7 COIT-000-812.09.19.02

You might also like